of the advisory and patches, with a clearly marked embargo date, as
soon as they are available. The pre-disclosure list will also receive
copies of public advisories when they are first issued or updated
+

Handling of embargoed information

Organizations on the pre-disclosure list are expected to maintain
the confidentiality of the vulnerability up to the embargo date which
security@xenproject have agreed with the discoverer, and are
@@ -214,6 +215,7 @@ following:

NOTE: Prior v2.2 of this policy (25 June 2014) it was
permitted to also make available the allocated CVE number. This is no
longer permitted in accordance with MITRE policy.

+

Predisclosure list membership application process

Organisations who meet the criteria should contact
security@xenproject if they wish to receive pre-disclosure of
advisories. Please include in the e-mail: